Date: Sun, 2 Dec 2012 13:05:51 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: "O. Hartmann" <ohartman@zedat.fu-berlin.de> Cc: freebsd-current@freebsd.org Subject: Re: Distributed audit daemon committed (was: svn commit: r243752 - in head: etc etc/defaults etc/mail etc/mtree etc/rc.d share/man/man4 usr.sbin usr.sbin/auditdistd (fwd)) Message-ID: <alpine.BSF.2.00.1212021302390.55169@fledge.watson.org> In-Reply-To: <50BB136F.4040509@zedat.fu-berlin.de> References: <alpine.BSF.2.00.1212011512410.34256@fledge.watson.org> <50BA7158.1040302@fgznet.ch> <CADLo83-SJMdu7jagH-Ac_Ooc-LahDtL%2BEF-cRHiWsS9u64sxsA@mail.gmail.com> <50BB136F.4040509@zedat.fu-berlin.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 2 Dec 2012, O. Hartmann wrote: >> Does mergemaster -p help? > > I had the very same problem and complained about it on current@. > "mergemaster -p" definitely helped for me and I was given the advise to use > mergemaster -p prior to every make installworld. Just to follow up on this thread, since the question has come up a number of times. "mergemaser -p" should be run prior to installworld always, but most of the time will do very little. One of its responsibilities is to add any necessary accounts and groups depended on by base system components -- e.g., that will be referenced during installworld as part of setting file ownership and groups. One of the primary sources of new users and groups has been chroot/etc sandboxes -- independent from the role of a daemon as a file owner. My hope is that this will reduce over time with increasing use Capsicum sandboxes, which don't require custom UIDs/GIDs. However, there are still cases where you want a daemon, for reasons of file and group ownership, to run as a specific user, as is the case with auditdistd, which does support Capsicum (where enabled). Robert
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1212021302390.55169>